Generated on Sun, 1 Feb 2026 16:21:22

ZAP Version: 2.17.0

ZAP by Checkmarx

Summary of Alerts

Risk Level      Number of Alerts
High            1
Medium          5
Low             8
Informational   7

Insights

Level  Reason         Site               Description                                                          Statistic
Low    Warning        -                  ZAP warnings logged - see the zap.log file for details               18
Low    Exceeded High  http://localhost   Percentage of slow responses                                         67 %
Info   Informational  http://localhost   Percentage of responses with status code 2xx                         50 %
Info   Informational  http://localhost   Percentage of responses with status code 3xx                         19 %
Info   Exceeded Low   http://localhost   Percentage of responses with status code 4xx                         29 %
Info   Informational  http://localhost   Percentage of endpoints with content type application/javascript     15 %
Info   Informational  http://localhost   Percentage of endpoints with content type image/vnd.microsoft.icon   3 %
Info   Informational  http://localhost   Percentage of endpoints with content type text/css                   7 %
Info   Informational  http://localhost   Percentage of endpoints with content type text/html                  69 %
Info   Informational  http://localhost   Percentage of endpoints with method GET                              84 %
Info   Informational  http://localhost   Percentage of endpoints with method POST                             15 %
Info   Informational  http://localhost   Count of total endpoints                                             26
Info   Informational  https://localhost  Percentage of responses with status code 2xx                         100 %
Info   Informational  https://localhost  Percentage of slow responses                                         100 %

Alerts

Passing Rules

Name Rule Type Threshold Strength
Path Traversal Active MEDIUM MEDIUM
Remote File Inclusion Active MEDIUM MEDIUM
XSLT Injection Active MEDIUM MEDIUM
Server Side Code Injection Active MEDIUM MEDIUM
XPath Injection Active MEDIUM MEDIUM
Remote OS Command Injection Active MEDIUM MEDIUM
XML External Entity Attack Active MEDIUM MEDIUM
Generic Padding Oracle Active MEDIUM MEDIUM
SOAP Action Spoofing Active MEDIUM MEDIUM
SOAP XML Injection Active MEDIUM MEDIUM
Heartbleed OpenSSL Vulnerability Active MEDIUM MEDIUM
Buffer Overflow Active MEDIUM MEDIUM
Source Code Disclosure - CVE-2012-1823 Active MEDIUM MEDIUM
Format String Error Active MEDIUM MEDIUM
Server Side Template Injection Active MEDIUM MEDIUM
Remote Code Execution - CVE-2012-1823 Active MEDIUM MEDIUM
Cloud Metadata Potentially Exposed Active MEDIUM MEDIUM
External Redirect Active MEDIUM MEDIUM
Remote OS Command Injection (Time Based) Active MEDIUM MEDIUM
Server Side Template Injection (Blind) Active MEDIUM MEDIUM
Source Code Disclosure - /WEB-INF Folder Active MEDIUM MEDIUM
HTTPS Content Available via HTTP Active MEDIUM MEDIUM
Remote Code Execution - Shell Shock Active MEDIUM MEDIUM
CRLF Injection Active MEDIUM MEDIUM
Parameter Tampering Active MEDIUM MEDIUM
Server Side Include Active MEDIUM MEDIUM
Cross Site Scripting (Reflected) Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) Active MEDIUM MEDIUM
Script Active Scan Rules Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) - Prime Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) - Spider Active MEDIUM MEDIUM
SQL Injection - MySQL (Time Based) Active MEDIUM MEDIUM
SQL Injection - Hypersonic SQL (Time Based) Active MEDIUM MEDIUM
SQL Injection - Oracle (Time Based) Active MEDIUM MEDIUM
SQL Injection - PostgreSQL (Time Based) Active MEDIUM MEDIUM
Cross Site Scripting (DOM Based) Active MEDIUM MEDIUM
SQL Injection - MsSQL (Time Based) Active MEDIUM MEDIUM
ELMAH Information Leak Active MEDIUM MEDIUM
Trace.axd Information Leak Active MEDIUM MEDIUM
.htaccess Information Leak Active MEDIUM MEDIUM
.env Information Leak Active MEDIUM MEDIUM
Spring Actuator Information Leak Active MEDIUM MEDIUM
Log4Shell Active MEDIUM MEDIUM
Exponential Entity Expansion (Billion Laughs Attack) Active MEDIUM MEDIUM
Spring4Shell Active MEDIUM MEDIUM
Remote Code Execution (React2Shell) Active MEDIUM MEDIUM
HTTP Only Site Active MEDIUM MEDIUM
Verification Request Identified Passive MEDIUM -
Private IP Disclosure Passive MEDIUM -
Session ID in URL Rewrite Passive MEDIUM -
Script Served From Malicious Domain (polyfill) Passive MEDIUM -
ZAP is Out of Date Passive MEDIUM -
Insecure JSF ViewState Passive MEDIUM -
Java Serialization Object Passive MEDIUM -
Vulnerable JS Library (Powered by Retire.js) Passive MEDIUM -
Charset Mismatch Passive MEDIUM -
Cookie No HttpOnly Flag Passive MEDIUM -
Cookie Without Secure Flag Passive MEDIUM -
Re-examine Cache-control Directives Passive MEDIUM -
Content-Type Header Missing Passive MEDIUM -
Anti-clickjacking Header Passive MEDIUM -
Application Error Disclosure Passive MEDIUM -
Information Disclosure - Debug Error Messages Passive MEDIUM -
Information Disclosure - Sensitive Information in URL Passive MEDIUM -
Information Disclosure - Sensitive Information in HTTP Referrer Header Passive MEDIUM -
Off-site Redirect Passive MEDIUM -
Cookie Poisoning Passive MEDIUM -
User Controllable Charset Passive MEDIUM -
WSDL File Detection Passive MEDIUM -
Loosely Scoped Cookie Passive MEDIUM -
Viewstate Passive MEDIUM -
Directory Browsing Passive MEDIUM -
Heartbleed OpenSSL Vulnerability (Indicative) Passive MEDIUM -
Strict-Transport-Security Header Passive MEDIUM -
X-Backend-Server Header Information Leak Passive MEDIUM -
Secure Pages Include Mixed Content Passive MEDIUM -
HTTP to HTTPS Insecure Transition in Form Post Passive MEDIUM -
HTTPS to HTTP Insecure Transition in Form Post Passive MEDIUM -
User Controllable JavaScript Event (XSS) Passive MEDIUM -
Retrieved from Cache Passive MEDIUM -
X-ChromeLogger-Data (XCOLD) Header Information Leak Passive MEDIUM -
CSP Passive MEDIUM -
X-Debug-Token Information Leak Passive MEDIUM -
Username Hash Found Passive MEDIUM -
X-AspNet-Version Response Header Passive MEDIUM -
PII Disclosure Passive MEDIUM -
Script Passive Scan Rules Passive MEDIUM -
Stats Passive Scan Rule Passive MEDIUM -
Hash Disclosure Passive MEDIUM -
Cross-Domain Misconfiguration Passive MEDIUM -
Weak Authentication Method Passive MEDIUM -
Reverse Tabnabbing Passive MEDIUM -

Sites

http://localhost

HTTP Response Code      Number of Responses
303 See Other           839
403 Forbidden           10
404 Not Found           1873
200 OK                  3205
301 Moved Permanently   410

Authentication Statistics                 Number of Responses
stats.auth.sessiontoken.MoodleSession     2

Parameter Name Type Flags Times Used # Values

Alert Detail

High
SQL Injection
Description
SQL injection may be possible.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(logintoken,password,username)
Method POST
Parameter password
Attack ZAP AND 1=1 --
Evidence
Request Header - size: 411 bytes.
Request Body - size: 85 bytes.
Response Header - size: 413 bytes.
Response Body - size: 1,503 bytes.
Instances 1
Solution
Do not trust client side input, even if there is client side validation in place.

In general, type check all data on the server side.

If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'.

If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.

If database Stored Procedures can be used, use them.

Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!

Do not create dynamic SQL queries using simple string concatenation.

Escape all data received from the client.

Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.

Apply the principle of least privilege by using the least privileged database user possible.

In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.

Grant the minimum database access that is necessary for the application.
Reference https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
Tags POLICY_SEQUENCE =
OWASP_2021_A03
PCI_DSS
CWE-89
POLICY_QA_CICD =
POLICY_DEV_CICD =
WSTG-v42-INPV-05
POLICY_API =
POLICY_DEV_FULL =
POLICY_QA_STD =
POLICY_QA_FULL =
POLICY_PENTEST =
HIPAA
OWASP_2017_A01
POLICY_DEV_STD =
CWE Id 89
WASC Id 19
Plugin Id 40018
Medium
Absence of Anti-CSRF Tokens
Description
No Anti-CSRF tokens were found in an HTML submission form.

A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

CSRF attacks are effective in a number of situations, including:

* The victim has an active session on the target site.

* The victim is authenticated via HTTP auth on the target site.

* The victim is on the same local network as the target site.

CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php
Method GET
Parameter
Attack
Evidence <form autocomplete="off" action="http://localhost/moodle/login/forgot_password.php" method="post" accept-charset="utf-8" id="mform1_me6mTmxD0dk4hKG" class="mform">
Request Header - size: 351 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 25,802 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php
Method GET
Parameter
Attack
Evidence <form action="http://localhost/moodle/login/index.php" method="post" id="guestlogin">
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,388 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php
Method GET
Parameter
Attack
Evidence <form class="login-form" action="http://localhost/moodle/login/index.php" method="post" id="login">
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,388 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonusername,username)
Method POST
Parameter
Attack
Evidence <form autocomplete="off" action="http://localhost/moodle/login/forgot_password.php" method="post" accept-charset="utf-8" id="mform1_u30Cg3GkfkcbF3x" class="mform">
Request Header - size: 432 bytes.
Request Body - size: 121 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(anchor,logintoken,password,username)
Method POST
Parameter
Attack
Evidence <form class="login-form" action="http://localhost/moodle/login/index.php" method="post" id="login">
Request Header - size: 411 bytes.
Request Body - size: 77 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,639 bytes.
Instances Systemic
Solution
Phase: Architecture and Design

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, use anti-CSRF packages such as the OWASP CSRFGuard.

Phase: Implementation

Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

Phase: Architecture and Design

Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

Note that this can be bypassed using XSS.

Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

Note that this can be bypassed using XSS.

Use the ESAPI Session Management control.

This control includes a component for CSRF.

Do not use the GET method for any request that triggers a state change.

Phase: Implementation

Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
Reference https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/352.html
Tags OWASP_2021_A01
POLICY_QA_STD =
POLICY_PENTEST =
SYSTEMIC
WSTG-v42-SESS-05
OWASP_2017_A05
CWE-352
POLICY_DEV_STD =
CWE Id 352
WASC Id 9
Plugin Id 10202
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/admin/tool/dataprivacy/summary.php
Node Name http://localhost/moodle/admin/tool/dataprivacy/summary.php
Method GET
Parameter
Attack
Evidence
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 28,396 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php
Method GET
Parameter
Attack
Evidence
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,388 bytes.
URL http://localhost/robots.txt
Node Name http://localhost/robots.txt
Method GET
Parameter
Attack
Evidence
Request Header - size: 229 bytes.
Request Body - size: 0 bytes.
Response Header - size: 185 bytes.
Response Body - size: 295 bytes.
URL http://localhost/sitemap.xml
Node Name http://localhost/sitemap.xml
Method GET
Parameter
Attack
Evidence
Request Header - size: 230 bytes.
Request Body - size: 0 bytes.
Response Header - size: 185 bytes.
Response Body - size: 295 bytes.
Instances Systemic
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://www.w3.org/TR/CSP/
https://w3c.github.io/webappsec-csp/
https://web.dev/articles/csp
https://caniuse.com/#feat=contentsecuritypolicy
https://content-security-policy.com/
Tags CWE-693
OWASP_2021_A05
OWASP_2017_A06
POLICY_QA_STD =
POLICY_PENTEST =
SYSTEMIC
CWE Id 693
WASC Id 15
Plugin Id 10038
Medium
Directory Browsing
Description
It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information.
URL http://localhost/moodle/admin/tool/
Node Name http://localhost/moodle/admin/tool/
Method GET
Parameter
Attack http://localhost/moodle/admin/tool/
Evidence Parent Directory
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 173 bytes.
Response Body - size: 9,984 bytes.
URL http://localhost/moodle/admin/tool/dataprivacy/
Node Name http://localhost/moodle/admin/tool/dataprivacy/
Method GET
Parameter
Attack http://localhost/moodle/admin/tool/dataprivacy/
Evidence Parent Directory
Request Header - size: 334 bytes.
Request Body - size: 0 bytes.
Response Header - size: 173 bytes.
Response Body - size: 6,190 bytes.
Instances 2
Solution
Disable directory browsing. If it is required, make sure the listed files do not induce risks.
Reference https://httpd.apache.org/docs/current/mod/core.html#options
Tags OWASP_2021_A01
POLICY_API =
POLICY_QA_STD =
POLICY_QA_FULL =
CWE-548
POLICY_PENTEST =
SYSTEMIC
POLICY_QA_CICD =
OWASP_2017_A05
CWE Id 548
WASC Id 48
Plugin Id 0
Medium
Hidden File Found
Description
A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.
URL http://localhost/moodle/composer.lock
Node Name http://localhost/moodle/composer.lock
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Request Header - size: 239 bytes.
Request Body - size: 0 bytes.
Response Header - size: 233 bytes.
Response Body - size: 163,563 bytes.
Instances 1
Solution
Consider whether or not the component is actually required in production, if it isn't then disable it. If it is then ensure access to it requires appropriate authentication and authorization, or limit exposure to internal systems or specific source IPs, etc.
Reference https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan-for-Secrets-on-Web-Servers.html
Tags OWASP_2021_A05
OWASP_2017_A06
POLICY_QA_FULL =
POLICY_PENTEST =
CWE-538
WSTG-v42-CONF-05
CWE Id 538
WASC Id 13
Plugin Id 40035
Medium
Sub Resource Integrity Attribute Missing
Description
The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/admin/tool/dataprivacy/summary.php
Node Name http://localhost/moodle/admin/tool/dataprivacy/summary.php
Method GET
Parameter
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 28,396 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php
Method GET
Parameter
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 351 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 25,802 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php
Method GET
Parameter
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,388 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonusername,username)
Method POST
Parameter
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 432 bytes.
Request Body - size: 121 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
Instances Systemic
Solution
Provide a valid integrity attribute to the tag.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
Tags CWE-345
OWASP_2021_A05
POLICY_QA_STD =
POLICY_PENTEST =
SYSTEMIC
OWASP_2017_A06
POLICY_DEV_STD =
CWE Id 345
WASC Id 15
Plugin Id 90003
Low
Big Redirect Detected (Potential Sensitive Information Leak)
Description
The server has responded with a redirect that seems to provide a large response. This may indicate that although the server sent a redirect it also responded with body content (which may include sensitive details, PII, etc.).
URL http://localhost/moodle/course/view.php?id=10
Node Name http://localhost/moodle/course/view.php (id)
Method GET
Parameter
Attack
Evidence
Request Header - size: 332 bytes.
Request Body - size: 0 bytes.
Response Header - size: 413 bytes.
Response Body - size: 1,503 bytes.
URL http://localhost/moodle/user/profile.php?id=2
Node Name http://localhost/moodle/user/profile.php (id)
Method GET
Parameter
Attack
Evidence
Request Header - size: 332 bytes.
Request Body - size: 0 bytes.
Response Header - size: 413 bytes.
Response Body - size: 1,503 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(anchor,logintoken,password,username)
Method POST
Parameter
Attack
Evidence
Request Header - size: 411 bytes.
Request Body - size: 77 bytes.
Response Header - size: 413 bytes.
Response Body - size: 1,503 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(logintoken,password,username)
Method POST
Parameter
Attack
Evidence
Request Header - size: 411 bytes.
Request Body - size: 71 bytes.
Response Header - size: 413 bytes.
Response Body - size: 1,503 bytes.
Instances 4
Solution
Ensure that no sensitive information is leaked via redirect responses. Redirect responses should have almost no content.
Reference
Tags WSTG-v42-INFO-05
OWASP_2017_A03
OWASP_2021_A04
POLICY_PENTEST =
CWE-201
CWE Id 201
WASC Id 13
Plugin Id 10044
Low
Cookie without SameSite Attribute
Description
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter MoodleSession
Attack
Evidence Set-Cookie: MoodleSession
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
Instances 1
Solution
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site
Tags OWASP_2021_A01
POLICY_QA_STD =
WSTG-v42-SESS-02
POLICY_PENTEST =
SYSTEMIC
CWE-1275
OWASP_2017_A05
POLICY_DEV_STD =
CWE Id 1275
WASC Id 13
Plugin Id 10054
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/admin/tool/dataprivacy/summary.php
Node Name http://localhost/moodle/admin/tool/dataprivacy/summary.php
Method GET
Parameter https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 28,396 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php
Method GET
Parameter https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 351 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 25,802 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php
Method GET
Parameter https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,388 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(anchor,logintoken,password,username)
Method POST
Parameter https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/mathjax@2.7.9/MathJax.js?delayStartupUntil=configured"></script>
Request Header - size: 411 bytes.
Request Body - size: 77 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,639 bytes.
Instances Systemic
Solution
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
Tags OWASP_2021_A08
CWE-829
POLICY_QA_STD =
POLICY_PENTEST =
SYSTEMIC
POLICY_DEV_STD =
CWE Id 829
WASC Id 15
Plugin Id 10017
Low
In Page Banner Information Leak
Description
The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use.
URL http://localhost/robots.txt
Node Name http://localhost/robots.txt
Method GET
Parameter
Attack
Evidence Apache/2.4.58
Request Header - size: 229 bytes.
Request Body - size: 0 bytes.
Response Header - size: 185 bytes.
Response Body - size: 295 bytes.
URL http://localhost/sitemap.xml
Node Name http://localhost/sitemap.xml
Method GET
Parameter
Attack
Evidence Apache/2.4.58
Request Header - size: 230 bytes.
Request Body - size: 0 bytes.
Response Header - size: 185 bytes.
Response Body - size: 295 bytes.
Instances 2
Solution
Configure the server to prevent such information leaks. For example:

Under Tomcat this is done via the "server" directive and implementation of custom error pages.

Under Apache this is done via the "ServerSignature" and "ServerTokens" directives.
Reference https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/
Tags OWASP_2021_A05
POLICY_QA_STD =
POLICY_PENTEST =
SYSTEMIC
OWASP_2017_A06
WSTG-v42-INFO-02
CWE-497
CWE Id 497
WASC Id 13
Plugin Id 10009
Low
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
Description
The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.2.12
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/lib/javascript.php/1769435081/lib/javascript-static.js
Node Name http://localhost/moodle/lib/javascript.php/1769435081/lib/javascript-static.js
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.2.12
Request Header - size: 365 bytes.
Request Body - size: 0 bytes.
Response Header - size: 488 bytes.
Response Body - size: 21,041 bytes.
URL http://localhost/moodle/lib/javascript.php/1769435081/lib/requirejs/require.min.js
Node Name http://localhost/moodle/lib/javascript.php/1769435081/lib/requirejs/require.min.js
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.2.12
Request Header - size: 369 bytes.
Request Body - size: 0 bytes.
Response Header - size: 488 bytes.
Response Body - size: 17,588 bytes.
URL http://localhost/moodle/theme/image.php/boost/theme/1769435081/favicon
Node Name http://localhost/moodle/theme/image.php/boost/theme/1769435081/favicon
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.2.12
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 485 bytes.
Response Body - size: 1,150 bytes.
URL http://localhost/moodle/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple-min.css
Node Name http://localhost/moodle/theme/yui_combo.php (rollup/3.18.1/yui-moodlesimple-min.css)
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.2.12
Request Header - size: 369 bytes.
Request Body - size: 0 bytes.
Response Header - size: 464 bytes.
Response Body - size: 2,916 bytes.
Instances Systemic
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
Reference https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework
https://www.troyhunt.com/shhh-dont-let-your-response-headers/
Tags OWASP_2021_A01
WSTG-v42-INFO-08
POLICY_QA_STD =
POLICY_PENTEST =
SYSTEMIC
OWASP_2017_A03
CWE-497
CWE Id 497
WASC Id 13
Plugin Id 10037
Low
Server Leaks Version Information via "Server" HTTP Response Header Field
Description
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/theme/image.php/boost/theme/1769435081/favicon
Node Name http://localhost/moodle/theme/image.php/boost/theme/1769435081/favicon
Method GET
Parameter
Attack
Evidence Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 485 bytes.
Response Body - size: 1,150 bytes.
URL http://localhost/moodle/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple-min.css
Node Name http://localhost/moodle/theme/yui_combo.php (rollup/3.18.1/yui-moodlesimple-min.css)
Method GET
Parameter
Attack
Evidence Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Request Header - size: 369 bytes.
Request Body - size: 0 bytes.
Response Header - size: 464 bytes.
Response Body - size: 2,916 bytes.
URL http://localhost/robots.txt
Node Name http://localhost/robots.txt
Method GET
Parameter
Attack
Evidence Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Request Header - size: 229 bytes.
Request Body - size: 0 bytes.
Response Header - size: 185 bytes.
Response Body - size: 295 bytes.
URL http://localhost/sitemap.xml
Node Name http://localhost/sitemap.xml
Method GET
Parameter
Attack
Evidence Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Request Header - size: 230 bytes.
Request Body - size: 0 bytes.
Response Header - size: 185 bytes.
Response Body - size: 295 bytes.
Instances Systemic
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or to send only generic details. For the Apache httpd seen here, the OpenSSL and PHP segments in the evidence are appended by those modules under the default ServerTokens Full; setting ServerTokens Prod (together with ServerSignature Off, which keeps version strings out of server-generated error pages) reduces the header to "Apache". mod_headers cannot strip the Server header itself, so removing it entirely requires a reverse proxy in front of Apache or ModSecurity's SecServerSignature to replace it.
Reference https://httpd.apache.org/docs/current/mod/core.html#servertokens
https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)
https://www.troyhunt.com/shhh-dont-let-your-response-headers/
Tags OWASP_2021_A05
POLICY_QA_STD =
POLICY_PENTEST =
SYSTEMIC
OWASP_2017_A06
WSTG-v42-INFO-02
CWE-497
CWE Id 497
WASC Id 13
Plugin Id 10036
Low
Timestamp Disclosure - Unix
Description
A timestamp was disclosed by the application/web server. - Unix
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence 1769435081
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence 1769892120
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence 1769892298
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence 1769892682
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence 1769892735
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
Instances Systemic
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns. The value 1769435081 flagged here also appears as a path segment in the theme and JavaScript asset URLs elsewhere in this report (theme/image.php/boost/theme/1769435081/favicon, lib/javascript.php/1769435081/...), which is consistent with a cache-busting revision number rather than a user- or session-related timestamp; confirm the origin of each value before reporting it.
Reference https://cwe.mitre.org/data/definitions/200.html
Tags OWASP_2021_A01
OWASP_2017_A03
POLICY_PENTEST =
CWE-497
SYSTEMIC
CWE Id 497
WASC Id 13
Plugin Id 10096
Low
X-Content-Type-Options Header Missing
Description
The anti-MIME-sniffing header X-Content-Type-Options was not set to 'nosniff'. Without it, a browser may MIME-sniff the response body and interpret or display it as a content type other than the one declared in Content-Type; with it, current browsers honour the declared type and refuse to run scripts or apply style sheets served with a mismatched type. (The rule's original note about older Internet Explorer and Chrome versions and about Firefox behaviour dates from early 2014.)
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/lib/javascript.php/1769435081/lib/javascript-static.js
Node Name http://localhost/moodle/lib/javascript.php/1769435081/lib/javascript-static.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 365 bytes.
Request Body - size: 0 bytes.
Response Header - size: 488 bytes.
Response Body - size: 21,041 bytes.
URL http://localhost/moodle/lib/javascript.php/1769435081/lib/requirejs/require.min.js
Node Name http://localhost/moodle/lib/javascript.php/1769435081/lib/requirejs/require.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 369 bytes.
Request Body - size: 0 bytes.
Response Header - size: 488 bytes.
Response Body - size: 17,588 bytes.
URL http://localhost/moodle/theme/image.php/boost/theme/1769435081/favicon
Node Name http://localhost/moodle/theme/image.php/boost/theme/1769435081/favicon
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 485 bytes.
Response Body - size: 1,150 bytes.
URL http://localhost/moodle/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple-min.css
Node Name http://localhost/moodle/theme/yui_combo.php (rollup/3.18.1/yui-moodlesimple-min.css)
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 369 bytes.
Request Body - size: 0 bytes.
Response Header - size: 464 bytes.
Response Body - size: 2,916 bytes.
Instances Systemic
Solution
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' on every response, static assets (scripts, style sheets, images) included, not only HTML pages; the instances above show it is missing on JavaScript and CSS served through Moodle's PHP wrappers as well as on the front page.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
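The two header fixes in this report (ServerTokens for the "Server" header finding above, and nosniff here) can be verified from the raw response head without a scanner. The following Python script is an added example, not part of the ZAP report or of Moodle or Apache: it parses a response head, flags a Server header that carries product/version tokens, and flags a missing or non-'nosniff' X-Content-Type-Options. Both sample heads are constructed for the example: the first copies the Server value recorded as evidence in this report, the second is what the same Apache would send with ServerTokens Prod in httpd.conf and Header always set X-Content-Type-Options "nosniff" from mod_headers.

```python
"""Added example (not from the ZAP report, Moodle or Apache): check a raw HTTP
response head for a version-leaking Server header and a missing nosniff."""
import re
from typing import Dict, List, Tuple

# Product/version tokens such as Apache/2.4.58, OpenSSL/3.1.3, PHP/8.2.12.
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+")


def parse_headers(raw: str) -> Tuple[str, Dict[str, List[str]]]:
    """Split a raw response head into the status line and a header map.
    Names are lower-cased; repeated headers keep their order. A blank line
    ends the head, so a body appended after it is ignored."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    status = lines[0]
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def check_server_header(headers: Dict[str, List[str]]) -> List[str]:
    """Flag any Server value containing product/version tokens. A bare
    product name such as "Apache" counts as the generic detail the rule
    allows and is not reported."""
    findings = []
    for value in headers.get("server", []):
        tokens = VERSION_TOKEN.findall(value)
        if tokens:
            findings.append("Server header leaks versions: " + ", ".join(tokens))
    return findings


def check_nosniff(headers: Dict[str, List[str]]) -> List[str]:
    """Flag a missing X-Content-Type-Options or one not set to nosniff."""
    values = [v.lower() for v in headers.get("x-content-type-options", [])]
    if "nosniff" not in values:
        return ["X-Content-Type-Options missing or not 'nosniff'"]
    return []


def check_response(raw: str) -> List[str]:
    """Run both checks over one response head and return the findings."""
    _, headers = parse_headers(raw)
    return check_server_header(headers) + check_nosniff(headers)


# Constructed sample heads. BEFORE mirrors the evidence in this report;
# AFTER is the same server with ServerTokens Prod and the nosniff header.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, head in (("before", BEFORE), ("after", AFTER)):
        print(label + ":", check_response(head) or ["clean"])
```

To use it against the live site, feed the script the head of each response (for example everything before the blank line in a captured exchange) rather than only the front page: the finding above lists the JavaScript, CSS and favicon wrappers separately because a Header directive placed inside one <Location> or <Files> block would fix the HTML and leave the assets unprotected.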
Reference https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)
https://owasp.org/www-community/Security_Headers
Tags CWE-693
OWASP_2021_A05
OWASP_2017_A06
POLICY_QA_STD =
POLICY_PENTEST =
SYSTEMIC
CWE Id 693
WASC Id 15
Plugin Id 10021
Informational
Authentication Request Identified
Description
The given request has been identified as an authentication request. The 'Other Info' field contains a set of key=value lines which identify any relevant fields. If the request is in a context which has an Authentication Method set to "Auto-Detect" then this rule will change the authentication to match the request identified.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonemail,username)
Method POST
Parameter email
Attack
Evidence _qf__login_forgot_password_form
Request Header - size: 432 bytes.
Request Body - size: 118 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonusername,username)
Method POST
Parameter email
Attack
Evidence _qf__login_forgot_password_form
Request Header - size: 432 bytes.
Request Body - size: 121 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(anchor,logintoken,password,username)
Method POST
Parameter logintoken
Attack
Evidence password
Request Header - size: 411 bytes.
Request Body - size: 77 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,639 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(logintoken,password,username)
Method POST
Parameter logintoken
Attack
Evidence password
Request Header - size: 411 bytes.
Request Body - size: 71 bytes.
Response Header - size: 413 bytes.
Response Body - size: 1,503 bytes.
Instances 4
Solution
This is an informational alert rather than a vulnerability and so there is nothing to fix.
Reference https://www.zaproxy.org/docs/desktop/addons/authentication-helper/auth-req-id/
Tags
CWE Id
WASC Id
Plugin Id 10111
Informational
GET for POST
Description
A request that was originally observed as a POST was also accepted as a GET. This issue does not represent a security weakness unto itself, however, it may facilitate simplification of other attacks. For example if the original POST is subject to Cross-Site Scripting (XSS), then this finding may indicate that a simplified (GET based) XSS may also be possible.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php (_qf__login_forgot_password_form,email,sesskey,submitbuttonemail,username)
Method GET
Parameter
Attack
Evidence GET http://localhost/moodle/login/forgot_password.php?_qf__login_forgot_password_form=1&email=zaproxy@example.com&sesskey=mh9MdhDsDO&submitbuttonemail=Search&username=ZAP HTTP/1.1
Request Header - size: 527 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 25,802 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php (_qf__login_forgot_password_form,email,sesskey,submitbuttonusername,username)
Method GET
Parameter
Attack
Evidence GET http://localhost/moodle/login/forgot_password.php?_qf__login_forgot_password_form=1&email=zaproxy@example.com&sesskey=mh9MdhDsDO&submitbuttonusername=Search&username=ZAP HTTP/1.1
Request Header - size: 530 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 25,802 bytes.
Instances 2
Solution
Ensure that only POST is accepted where POST is expected: answer other methods with 405 Method Not Allowed and an Allow: POST header. In a PHP application that means checking $_SERVER['REQUEST_METHOD'] before reading form fields, rather than reading them from a merged request array; at the web server level, Apache's <LimitExcept POST> block can restrict the method for a given path.
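The check this rule performs and the fix it asks for can be shown side by side. The Python below is an added example, not code from the ZAP report or from Moodle: a form handler that processes its fields whatever the method (the behaviour reported for forgot_password.php), a hardened handler that accepts POST only, and a replay check that re-issues the POST's parameters as a GET and compares status code and body digest with the original POST response. The handler model and the FORM parameters are constructed for the example (FORM copies the field names from the evidence line above).

```python
"""Added example (not from the ZAP report or Moodle): GET-for-POST replay
check against a lenient and a strict form handler."""
import hashlib
from typing import Callable, Dict, Tuple

Response = Tuple[int, Dict[str, str], str]           # status, headers, body
Handler = Callable[[str, Dict[str, str]], Response]   # (method, params) -> Response


def lenient_forgot_password(method: str, params: Dict[str, str]) -> Response:
    """Processes the form fields whatever the method, so a GET carrying the
    same fields in the query string yields the same page as the POST."""
    if "username" not in params and "email" not in params:
        return 400, {"Content-Type": "text/html"}, "<p>Missing fields</p>"
    return 200, {"Content-Type": "text/html"}, "<p>If the account exists, an email has been sent.</p>"


def strict_forgot_password(method: str, params: Dict[str, str]) -> Response:
    """Answers anything but POST with 405 and an Allow header, so form
    fields are never taken from a query string."""
    if method != "POST":
        return 405, {"Allow": "POST", "Content-Type": "text/html"}, "<p>Method Not Allowed</p>"
    return lenient_forgot_password(method, params)


def body_digest(body: str) -> str:
    """Digest used for the body comparison instead of the whole text."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def get_for_post(handler: Handler, params: Dict[str, str]) -> bool:
    """True when a GET with the POST's parameters is accepted, i.e. it
    returns the same status code and the same body digest as the POST."""
    post_status, _, post_body = handler("POST", params)
    get_status, _, get_body = handler("GET", dict(params))
    return post_status == get_status and body_digest(post_body) == body_digest(get_body)


# Constructed parameters, modelled on the evidence line in this finding.
FORM = {
    "_qf__login_forgot_password_form": "1",
    "email": "zaproxy@example.com",
    "sesskey": "mh9MdhDsDO",
    "submitbuttonemail": "Search",
    "username": "ZAP",
}

if __name__ == "__main__":
    for name, handler in (("lenient", lenient_forgot_password), ("strict", strict_forgot_password)):
        print(f"{name}: GET accepted for POST = {get_for_post(handler, FORM)}")
```

The "simplification of other attacks" the rule text mentions is visible in the evidence line: once the GET variant is accepted, the sesskey and e-mail address travel in the query string, where they can land in server logs, proxy logs and browser history, and any reflected flaw in the form becomes reachable through a plain link.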
Reference
Tags OWASP_2021_A04
POLICY_QA_STD =
POLICY_QA_FULL =
POLICY_PENTEST =
WSTG-v42-CONF-06
POLICY_QA_CICD =
OWASP_2017_A06
CWE-16
CWE Id 16
WASC Id 20
Plugin Id 10058
Informational
Information Disclosure - Suspicious Comments
Description
The response appears to contain suspicious comments which may help an attacker.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence bug
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/admin/tool/dataprivacy/summary.php
Node Name http://localhost/moodle/admin/tool/dataprivacy/summary.php
Method GET
Parameter
Attack
Evidence bug
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 28,396 bytes.
URL http://localhost/moodle/lib/javascript.php/1769435081/lib/polyfills/polyfill.js
Node Name http://localhost/moodle/lib/javascript.php/1769435081/lib/polyfills/polyfill.js
Method GET
Parameter
Attack
Evidence username
Request Header - size: 366 bytes.
Request Body - size: 0 bytes.
Response Header - size: 489 bytes.
Response Body - size: 200,103 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php
Method GET
Parameter
Attack
Evidence bug
Request Header - size: 351 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 25,802 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php
Method GET
Parameter
Attack
Evidence bug
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,388 bytes.
URL http://localhost/moodle/theme/yui_combo.php?rollup/3.18.1/yui-moodlesimple-min.js
Node Name http://localhost/moodle/theme/yui_combo.php (rollup/3.18.1/yui-moodlesimple-min.js)
Method GET
Parameter
Attack
Evidence later
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 272,032 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonemail,username)
Method POST
Parameter
Attack
Evidence bug
Request Header - size: 432 bytes.
Request Body - size: 118 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonusername,username)
Method POST
Parameter
Attack
Evidence bug
Request Header - size: 432 bytes.
Request Body - size: 121 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(anchor,logintoken,password,username)
Method POST
Parameter
Attack
Evidence bug
Request Header - size: 411 bytes.
Request Body - size: 77 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,639 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(logintoken,password,username)
Method POST
Parameter
Attack
Evidence bug
Request Header - size: 411 bytes.
Request Body - size: 71 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,641 bytes.
Instances 10
Solution
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to. The evidence here is a keyword match ("bug", "later", "username") inside HTML or JavaScript, not a confirmed leak, so review each hit in context before treating it as a finding; the hits in bundled library code (polyfill.js, the YUI rollup) are the most likely to be noise.
Reference
Tags OWASP_2021_A01
WSTG-v42-INFO-05
OWASP_2017_A03
POLICY_PENTEST =
CWE-615
CWE Id 615
WASC Id 13
Plugin Id 10027
Informational
Modern Web Application
Description
The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence <a class="dropdown-toggle nav-link " href="#" id="moremenu-dropdown-697f2b43a6d4a" role="menuitem" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" tabindex="-1"> More </a>
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter
Attack
Evidence <a class="dropdown-toggle nav-link " href="#" id="moremenu-dropdown-697f2b44f0106" role="menuitem" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" tabindex="-1"> More </a>
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
URL http://localhost/moodle/admin/tool/dataprivacy/summary.php
Node Name http://localhost/moodle/admin/tool/dataprivacy/summary.php
Method GET
Parameter
Attack
Evidence <a class="dropdown-toggle nav-link " href="#" id="moremenu-dropdown-697f2b467351c" role="menuitem" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" tabindex="-1"> More </a>
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 472 bytes.
Response Body - size: 28,396 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(anchor,logintoken,password,username)
Method POST
Parameter
Attack
Evidence <a href="#" id="loginerrormessage" class="sr-only">Invalid login, please try again</a>
Request Header - size: 411 bytes.
Request Body - size: 77 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,639 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(logintoken,password,username)
Method POST
Parameter
Attack
Evidence <a href="#" id="loginerrormessage" class="sr-only">Invalid login, please try again</a>
Request Header - size: 411 bytes.
Request Body - size: 71 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,641 bytes.
Instances 5
Solution
This is an informational alert and so no changes are required.
Reference
Tags POLICY_QA_STD =
POLICY_PENTEST =
SYSTEMIC
POLICY_DEV_STD =
CWE Id
WASC Id
Plugin Id 10109
Informational
Session Management Response Identified
Description
The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.
URL http://localhost/moodle/
Node Name http://localhost/moodle/
Method GET
Parameter MoodleSession
Attack
Evidence MoodleSession
Request Header - size: 226 bytes.
Request Body - size: 0 bytes.
Response Header - size: 658 bytes.
Response Body - size: 30,345 bytes.
Instances 1
Solution
This is an informational alert rather than a vulnerability and so there is nothing to fix.
Reference https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/
Tags
CWE Id
WASC Id
Plugin Id 10112
Informational
User Agent Fuzzer
Description
Checks for differences in the response based on a fuzzed User-Agent header (e.g. mobile sites, or access as a search engine crawler). It compares the response status code and a hash of the response body with those of the original response.
URL http://localhost/moodle/admin/tool/dataprivacy
Node Name http://localhost/moodle/admin/tool/dataprivacy
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Request Header - size: 272 bytes.
Request Body - size: 0 bytes.
Response Header - size: 173 bytes.
Response Body - size: 6,190 bytes.
URL http://localhost/moodle/lib
Node Name http://localhost/moodle/lib
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Request Header - size: 253 bytes.
Request Body - size: 0 bytes.
Response Header - size: 249 bytes.
Response Body - size: 1 bytes.
URL http://localhost/moodle/lib
Node Name http://localhost/moodle/lib
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Request Header - size: 253 bytes.
Request Body - size: 0 bytes.
Response Header - size: 249 bytes.
Response Body - size: 1 bytes.
URL http://localhost/moodle/lib
Node Name http://localhost/moodle/lib
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Request Header - size: 253 bytes.
Request Body - size: 0 bytes.
Response Header - size: 249 bytes.
Response Body - size: 1 bytes.
URL http://localhost/moodle/lib
Node Name http://localhost/moodle/lib
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Request Header - size: 265 bytes.
Request Body - size: 0 bytes.
Response Header - size: 249 bytes.
Response Body - size: 1 bytes.
Instances Systemic
Solution
Reference https://owasp.org/wstg
Tags CUSTOM_PAYLOADS =
POLICY_PENTEST =
SYSTEMIC
CWE Id
WASC Id
Plugin Id 10104
Informational
User Controllable HTML Element Attribute (Potential XSS)
Description
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonemail,username)
Method POST
Parameter email
Attack
Evidence
Request Header - size: 432 bytes.
Request Body - size: 118 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonemail,username)
Method POST
Parameter sesskey
Attack
Evidence
Request Header - size: 432 bytes.
Request Body - size: 118 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonemail,username)
Method POST
Parameter submitbuttonemail
Attack
Evidence
Request Header - size: 432 bytes.
Request Body - size: 118 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonemail,username)
Method POST
Parameter username
Attack
Evidence
Request Header - size: 432 bytes.
Request Body - size: 118 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonusername,username)
Method POST
Parameter email
Attack
Evidence
Request Header - size: 432 bytes.
Request Body - size: 121 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonusername,username)
Method POST
Parameter sesskey
Attack
Evidence
Request Header - size: 432 bytes.
Request Body - size: 121 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonusername,username)
Method POST
Parameter submitbuttonusername
Attack
Evidence
Request Header - size: 432 bytes.
Request Body - size: 121 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/forgot_password.php
Node Name http://localhost/moodle/login/forgot_password.php ()(_qf__login_forgot_password_form,email,sesskey,submitbuttonusername,username)
Method POST
Parameter username
Attack
Evidence
Request Header - size: 432 bytes.
Request Body - size: 121 bytes.
Response Header - size: 472 bytes.
Response Body - size: 26,119 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(anchor,logintoken,password,username)
Method POST
Parameter password
Attack
Evidence
Request Header - size: 411 bytes.
Request Body - size: 77 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,639 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(anchor,logintoken,password,username)
Method POST
Parameter username
Attack
Evidence
Request Header - size: 411 bytes.
Request Body - size: 77 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,639 bytes.
URL http://localhost/moodle/login/index.php
Node Name http://localhost/moodle/login/index.php ()(logintoken,password,username)
Method POST
Parameter username
Attack
Evidence
Request Header - size: 411 bytes.
Request Body - size: 71 bytes.
Response Header - size: 472 bytes.
Response Body - size: 22,641 bytes.
Instances 11
Solution
Validate all input and encode output for the attribute context before writing it into any HTML attribute, and always quote attribute values.
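This rule is a hot-spot detector: it reports attributes that echo a request parameter, not confirmed XSS. The Python below is an added example, not code from the ZAP report or from Moodle; it renders a username field into an input attribute the vulnerable way and the escaped way, reproduces the hot-spot check with a benign probe, and then tries a classic attribute break-out payload to show that the hot-spot appears in both renderings while only the unescaped one is exploitable. The templates, probe value and payload are constructed for the example.

```python
"""Added example (not from the ZAP report or Moodle): user-controlled HTML
attribute hot-spot check, and why attribute-context encoding closes it."""
import html
import re
from typing import Callable, Dict, List

PROBE = "ZAP"                                 # benign marker, like the scanner's
PAYLOAD = '" autofocus onfocus="alert(1)'     # closes value="..." and adds a handler


def render_unsafe(username: str) -> str:
    """Vulnerable: raw value interpolated into a quoted attribute."""
    return f'<input type="text" name="username" value="{username}">'


def render_safe(username: str) -> str:
    """Hardened: html.escape(quote=True) encodes & < > " and ', so the value
    can neither close the attribute nor start a new one."""
    return f'<input type="text" name="username" value="{html.escape(username, quote=True)}">'


# Quoted attributes only; the templates above always quote, so an unquoted
# attribute in the output can only have come from the injected value.
ATTR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*"([^"]*)"')


def attributes(page: str) -> Dict[str, str]:
    """Map of attribute name -> value for every quoted attribute in the page."""
    return dict(ATTR.findall(page))


def user_controlled_attributes(render: Callable[[str], str], probe: str = PROBE) -> List[str]:
    """Hot-spot detection as in the rule: which attributes echo the probe?"""
    return [name for name, value in attributes(render(probe)).items() if probe in value]


def breaks_out(render: Callable[[str], str], payload: str = PAYLOAD) -> bool:
    """Exploitability check: the payload produced attributes the template
    did not have, meaning it escaped the quoted value."""
    baseline = set(attributes(render(PROBE)))
    return bool(set(attributes(render(payload))) - baseline)


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(label, "hot-spots:", user_controlled_attributes(render),
              "break-out:", breaks_out(render))
        print("  ", render(PAYLOAD))
```

Both renderings report "value" as a hot-spot, which is exactly what the scanner saw on the login and forgot-password forms; the second function is the manual step the description asks of the analyst, and it is the one that separates a finding from a false positive.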
Reference https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
Tags OWASP_2017_A01
OWASP_2021_A03
CWE-20
POLICY_PENTEST =
CWE Id 20
WASC Id 20
Plugin Id 10031